2 # PyGOST -- Pure Python GOST cryptographic functions library
3 # Copyright (C) 2015-2021 Sergey Matveev <stargrave@stargrave.org>
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU General Public License as published by
7 # the Free Software Foundation, version 3 of the License.
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
14 # You should have received a copy of the GNU General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 """:rfc:`5280` related structures (**NOT COMPLETE**)
18 They are taken from `PyDERASN <http://www.pyderasn.cypherpunks.ru/`__ tests.
21 from pyderasn import Any
22 from pyderasn import BitString
23 from pyderasn import Boolean
24 from pyderasn import Choice
25 from pyderasn import GeneralizedTime
26 from pyderasn import IA5String
27 from pyderasn import Integer
28 from pyderasn import ObjectIdentifier
29 from pyderasn import OctetString
30 from pyderasn import PrintableString
31 from pyderasn import Sequence
32 from pyderasn import SequenceOf
33 from pyderasn import SetOf
34 from pyderasn import tag_ctxc
35 from pyderasn import tag_ctxp
36 from pyderasn import TeletexString
37 from pyderasn import UTCTime
39 from pygost.asn1schemas.oids import id_at_commonName
40 from pygost.asn1schemas.oids import id_at_countryName
41 from pygost.asn1schemas.oids import id_at_localityName
42 from pygost.asn1schemas.oids import id_at_organizationName
43 from pygost.asn1schemas.oids import id_at_stateOrProvinceName
46 class Version(Integer):
54 class CertificateSerialNumber(Integer):
58 class AlgorithmIdentifier(Sequence):
60 ("algorithm", ObjectIdentifier()),
61 ("parameters", Any(optional=True)),
65 class AttributeType(ObjectIdentifier):
69 class AttributeValue(Any):
73 class OrganizationName(Choice):
75 ("printableString", PrintableString()),
76 ("teletexString", TeletexString()),
80 class AttributeTypeAndValue(Sequence):
82 ("type", AttributeType(defines=(((".", "value"), {
83 id_at_countryName: PrintableString(),
84 id_at_stateOrProvinceName: PrintableString(),
85 id_at_localityName: PrintableString(),
86 id_at_organizationName: OrganizationName(),
87 id_at_commonName: PrintableString(),
89 ("value", AttributeValue()),
93 class RelativeDistinguishedName(SetOf):
94 schema = AttributeTypeAndValue()
95 bounds = (1, float("+inf"))
98 class RDNSequence(SequenceOf):
99 schema = RelativeDistinguishedName()
104 ("rdnSequence", RDNSequence()),
110 ("utcTime", UTCTime()),
111 ("generalTime", GeneralizedTime()),
115 class Validity(Sequence):
117 ("notBefore", Time()),
118 ("notAfter", Time()),
122 class GostR34102012PublicKeyParameters(Sequence):
124 ("publicKeyParamSet", ObjectIdentifier()),
125 ("digestParamSet", ObjectIdentifier(optional=True)),
129 class SubjectPublicKeyInfo(Sequence):
131 ("algorithm", AlgorithmIdentifier()),
132 ("subjectPublicKey", BitString()),
136 class UniqueIdentifier(BitString):
140 class KeyIdentifier(OctetString):
144 class SubjectKeyIdentifier(KeyIdentifier):
148 class BasicConstraints(Sequence):
150 ("cA", Boolean(default=False)),
151 # ("pathLenConstraint", PathLenConstraint(optional=True)),
155 class Extension(Sequence):
157 ("extnID", ObjectIdentifier()),
158 ("critical", Boolean(default=False)),
159 ("extnValue", OctetString()),
163 class Extensions(SequenceOf):
165 bounds = (1, float("+inf"))
168 class TBSCertificate(Sequence):
170 ("version", Version(expl=tag_ctxc(0), default="v1")),
171 ("serialNumber", CertificateSerialNumber()),
172 ("signature", AlgorithmIdentifier()),
174 ("validity", Validity()),
176 ("subjectPublicKeyInfo", SubjectPublicKeyInfo()),
177 ("issuerUniqueID", UniqueIdentifier(impl=tag_ctxp(1), optional=True)),
178 ("subjectUniqueID", UniqueIdentifier(impl=tag_ctxp(2), optional=True)),
179 ("extensions", Extensions(expl=tag_ctxc(3), optional=True)),
183 class Certificate(Sequence):
185 ("tbsCertificate", TBSCertificate()),
186 ("signatureAlgorithm", AlgorithmIdentifier()),
187 ("signatureValue", BitString()),
191 class RevokedCertificates(SequenceOf):
192 # schema = RevokedCertificate()
193 schema = OctetString() # dummy
196 class TBSCertList(Sequence):
198 ("version", Version(optional=True)),
199 ("signature", AlgorithmIdentifier()),
201 ("thisUpdate", Time()),
202 ("nextUpdate", Time(optional=True)),
203 ("revokedCertificates", RevokedCertificates(optional=True)),
204 ("crlExtensions", Extensions(expl=tag_ctxc(0), optional=True)),
208 class CertificateList(Sequence):
210 ("tbsCertList", TBSCertList()),
211 ("signatureAlgorithm", AlgorithmIdentifier()),
212 ("signatureValue", BitString()),
216 class GeneralName(Choice):
218 # ("otherName", AnotherName(impl=tag_ctxc(0))),
219 # ("rfc822Name", IA5String(impl=tag_ctxp(1))),
220 ("dNSName", IA5String(impl=tag_ctxp(2))),
221 # ("x400Address", ORAddress(impl=tag_ctxp(3))),
222 # ("x400Address", OctetString(impl=tag_ctxp(3))),
223 # ("directoryName", Name(expl=tag_ctxc(4))),
224 # ("ediPartyName", EDIPartyName(impl=tag_ctxc(5))),
225 # ("uniformResourceIdentifier", IA5String(impl=tag_ctxp(6))),
226 # ("iPAddress", OctetString(impl=tag_ctxp(7))),
227 # ("registeredID", ObjectIdentifier(impl=tag_ctxp(8))),
231 class GeneralNames(SequenceOf):
232 schema = GeneralName()
233 bounds = (1, float("+inf"))
236 class SubjectAltName(GeneralNames):
240 class AuthorityKeyIdentifier(Sequence):
242 ("keyIdentifier", KeyIdentifier(impl=tag_ctxp(0), optional=True)),
243 # ("authorityCertIssuer", GeneralNames(impl=tag_ctxc(1), optional=True)),
245 # "authorityCertSerialNumber",
246 # CertificateSerialNumber(impl=tag_ctxp(2), optional=True),
251 class KeyUsage(BitString):
253 ("digitalSignature", 0),
254 ("nonRepudiation", 1),
255 ("keyEncipherment", 2),
256 ("dataEncipherment", 3),